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IN THE CLAIMS: 

Please cancel Claims 1-5, 12, 18, 19, 21, 22, 24, and 25 without prejudice. 
Please re-write the claims to read as follows. 
Claims 1-5 (Cancelled) 

1 6. (Previously Presented) A method for creating and maintaining a plurality of virtual 

2 servers within a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 enabling controlled access to the resources using logical boundary checks and se- 

8 curity interpretations of those resources within the server; and 

9 providing a vfiler context structure including information pertaining to a security 

10 domain of the vfiler. 

1 7. (Original) The method of Claim 6 wherein the step of allocating comprises the step of 

2 providing a vfstore list of the vfiler context structure, the vstore list comprising pointers 

3 to vfstore soft objects, each having a pointer that references a path to a unit of storage al- 

4 located to the vfiler. 

1 8. (Original) The method of Claim 7 wherein the step of allocating further comprises the 

2 step of providing a vfnet list of the vfiler context structure, the vfnet list comprising 

3 pointers to vfnet soft objects, each having a pointer that references an interface address 

4 data structure representing a network address assigned to the vfiler. 
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1 9. (Original) The method of Claim 8 wherein the step of enabling further comprises the 

2 step of performing a vfiler boundary check to verify that a vfiler is allowed to access cer- 

3 tain storage resources of the filer. 

1 10. (Original) The method of Claim 9 wherein the step of performing comprises the step 

2 of validating a file system identifier and qtree identifier associated with the units of stor- 

3 age. 

1 11. (Original) The method of Claim 10 wherein the step of performing further comprises 

2 the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the vfiler is authorized to access the unit of storage; 

5 if the vfiler is not authorized to access the requested unit of storage, immediately 

6 denying the request; 

7 otherwise, allowing the request; and 

8 generating file system operations to process the request. 

12. (Cancelled) 

1 13. (Previously Presented) A system adapted to create and maintain a plurality of virtual 

2 servers within a server, the system comprising: 

3 storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 network interfaces assigned one or more network address resources, the network 

6 address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system; 



3 



PATENTS 
112056-0022 
P01-1047 



10 a context data structure provided to each virtual server, the context data structure 

11 including information pertaining to a security domain of the virtual server that enforces 

12 controlled access to the allocated and shared resources; and 

n a processing element coupled to the network interfaces and storage media, and 

14 configured to execute the operating and file systems to thereby invoke network and stor- 

15 age access operations in accordance with results of the boundary check of the file system. 

1 14. (Original) The system of Claim 13 wherein the units of storage resources are volumes 

2 and qtrees. 

1 15. (Original) The system of Claim 14 further comprising a plurality of table data struc- 

2 tures accessed by the processing element to implement the boundary check, the table data 

3 structures including a first table having a plurality of first entries, each associated with a 

4 virtual server and accessed by a file system identifier (fsid) functioning as a first key into 

5 the table, each first entry of the first table denoting a virtual server that completely owns 

6 a volume identified by the fsid. 

1 16. (Original) The system of Claim 15 wherein the table data structures further include a 

2 second table having a plurality of second entries, each associated with a virtual server and 

3 accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), each sec- 

4 ond entry of the second table denoting a virtual server that completely owns a qtree iden- 

5 tified by the fsid and qtreeid. 

1 17. (Original) The system of Claim 16 wherein the server is a filer and wherein the vir- 

2 tual servers are virtual filers. 

18. (Cancelled) 
19. (Cancelled) 
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1 20. (Previously Presented) Apparatus adapted to create and maintain a plurality of virtual 

2 filers (vfilers) within a filer, the apparatus comprising: 



3 means for allocating dedicated resources of the filer to each vfiler; 

4 means for sharing common resources of the filer among all of the vfilers; and 

5 means for enabling controlled access to the dedicated and shared resources using 

6 logical boundary checks and security interpretations of those resources within the 

7 server and for providing a vfiler context structure including information pertain- 

8 ing to a security domain of the vfiler. 



21. (Cancelled) 
22. (Cancelled) 



1 23. (Previously Presented) A computer readable medium containing executable program 

2 instructions for creating and maintaining a plurality of virtual filers (vfilers) within a filer, 

3 the executable program instructions comprising program instructions for: 

4 allocating dedicated resources of the filer to each vfiler; 

5 sharing common resources of the filer among all of the vfilers; and 

6 enabling access to the dedicated and shared resources using logical boundary 

7 checks and security interpretations of those resources within the server and_providing a 

8 vfiler context structure including information pertaining to a security domain of the 

9 vfiler. 

24. (Cancelled) 

25. (Cancelled) 
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